gcontenttype: Fix a potential NULL pointer dereference

If the initial part of the header (‘MIME-TreeMagic’) is valid, but the
following line does not start with ‘[’ (i.e. is not a valid section
line), insert_matchlet() will be called with a NULL match pointer, and
will crash with a NULL pointer dereference.

Fix this by bailing out if a valid section line isn’t encountered before
the first insert_matchlet() call (i.e. between the header line and the
first data line).

Note that this has not been tested against a real treemagic file; the
fix is purely theoretical.

Found by scan-build.

https://bugzilla.gnome.org/show_bug.cgi?id=113075
This commit is contained in:
Philip Withnall 2013-11-26 11:12:48 +00:00
parent aa28ced44e
commit 8b9e8dc53b

View File

@ -1032,11 +1032,16 @@ read_tree_magic_from_directory (const gchar *prefix)
match = parse_header (lines[i]);
insert_match (match);
}
else
else if (match != NULL)
{
matchlet = parse_match_line (lines[i], &depth);
insert_matchlet (match, matchlet, depth);
}
else
{
g_warning ("%s: header corrupt; skipping\n", filename);
break;
}
}
g_strfreev (lines);